VYPR
Unrated severityNVD Advisory· Published Nov 6, 2019· Updated Sep 17, 2024

MAGICK

CVE-2019-5642

Description

Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface.

Affected products

2
  • Rapid7/Metasploitllm-fuzzy2 versions
    <=4.16.0-2019081901+ 1 more
    • (no CPE)range: <=4.16.0-2019081901
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.